Docker sample for CodeBuild

This sample produces a Docker image as build output and then pushes the Docker image
to an Amazon Elastic Container Registry (Amazon ECR) image repository. You can adapt
this sample to push the Docker image to Docker Hub. For more information, see
Adapting the sample to push the image to Docker Hub.

This sample uses the new multi-stage Docker builds feature, which produces a Docker
image as build output. It then pushes the Docker image to an Amazon ECR image repository.
Multi-stage Docker image builds help to reduce the size of the final Docker image.
For more information, see Use multi-stage builds with Docker.

Running the sample

To run this sample

If you already have an image repository in Amazon ECR you want to use, skip to step
3. Otherwise, if you are using an IAM user instead of an AWS root account or
an administrator IAM user to work with Amazon ECR, add this statement (between
### BEGIN ADDING STATEMENT HERE ### and
### END ADDING STATEMENT HERE ###) to the user
(or IAM group the user is associated with). Using an AWS root account is not
recommended. This statement allows the creation of Amazon ECR repositories for storing
Docker images. Ellipses (...) are used for brevity and to help you
locate where to add the statement. Do not remove any statements, and do not type
these ellipses into the policy. For more information, see Working with Inline Policies Using the AWS Management Console in the
IAM User Guide.

The IAM entity that modifies this policy must have
permission in IAM to modify policies.

Create an image repository in Amazon ECR. Be sure to create the repository in the
same AWS Region where you create your build environment and run your build.
For more information, see Creating a Repository in the Amazon ECR User Guide.
This repository's name must match the repository name you specify later in this
procedure, represented by the IMAGE_REPO_NAME environment
variable.

Add this statement (between ### BEGIN ADDING STATEMENT HERE ### and
### END ADDING STATEMENT HERE ###) to the policy you attached to your
AWS CodeBuild service role. This statement allows CodeBuild to upload Docker
images to Amazon ECR repositories. Ellipses (...) are used for brevity and to
help you locate where to add the statement. Do not remove any statements, and
do not type these ellipses into the policy.

The IAM entity that modifies this policy must have
permission in IAM to modify policies.

Create the files as described in the "Directory structure" and "Files"
sections of this topic, and then upload them to an S3 input bucket or an
AWS CodeCommit, GitHub, or Bitbucket repository.

Important

Do not upload (root directory name), just the files inside of
(root directory name).

If you are using an S3 input bucket, be sure to create a ZIP file that
contains the files, and then upload it to the input bucket. Do not add
(root directory name) to the ZIP file, just the files inside of
(root directory name).

Because you use this build project to build a Docker image, select
Privileged.

Note

By default, Docker containers do not allow access to any devices. Privileged
mode grants a build project's Docker container access to all devices. For more
information, see Runtime Privilege and Linux Capabilities on the Docker Docs
website.

Add the following environment variables:

AWS_DEFAULT_REGION with a value of region-ID

AWS_ACCOUNT_ID with a value of account-ID

IMAGE_TAG with a value of Latest

IMAGE_REPO_NAME with a value of Amazon-ECR-repo-name

If you use the AWS CLI to create the build project, the JSON-formatted input to
the create-project command might look similar to this.
(Replace the placeholders with your own values.)
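
The following Python check is an added example, not part of the AWS sample. It takes the service-role policy and the create-project input from the steps above as dictionaries and reports missing Amazon ECR push permissions, upload actions left on Resource *, a privileged-mode setting that is not enabled, and unset environment variables. The action list, function names, and sample inputs are assumptions constructed for this example.

```python
from fnmatch import fnmatchcase

# IAM actions a `docker push` to Amazon ECR relies on (set assumed for this example).
PUSH_ACTIONS = ["ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
                "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload", "ecr:PutImage"]
REQUIRED_ENV = ["AWS_DEFAULT_REGION", "AWS_ACCOUNT_ID", "IMAGE_TAG", "IMAGE_REPO_NAME"]

def _listify(value):
    return value if isinstance(value, list) else [value]

def check_service_role_policy(policy):
    """Findings for a CodeBuild service-role policy document (dict)."""
    findings, patterns = [], []
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        patterns += actions
        findings += [f"wildcard action {a}" for a in actions if a in ("*", "ecr:*")]
        # Only ecr:GetAuthorizationToken needs Resource "*"; uploads can use the repo ARN.
        uploads = [a for a in actions
                   if a.startswith("ecr:") and a != "ecr:getauthorizationtoken"]
        if uploads and "*" in _listify(stmt.get("Resource", [])):
            findings.append("ECR upload actions allowed on Resource *")
    for need in PUSH_ACTIONS:
        if not any(fnmatchcase(need.lower(), p) for p in patterns):
            findings.append(f"missing {need}")
    return findings

def check_project(project):
    """Findings for the create-project input (dict) used by this sample."""
    env = project.get("environment", {})
    findings = []
    if env.get("privilegedMode") is not True:
        findings.append("privilegedMode is not true")
    names = {v.get("name") for v in env.get("environmentVariables", []) if v.get("value")}
    findings += [f"environment variable {n} not set" for n in REQUIRED_ENV if n not in names]
    return findings

# Constructed sample inputs (placeholder names and values, deliberately incomplete).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ecr:PutImage", "ecr:UploadLayerPart"], "Resource": "*"}]}
SAMPLE_PROJECT = {"name": "sample-docker-project", "environment": {
    "privilegedMode": True, "environmentVariables": [
        {"name": "AWS_DEFAULT_REGION", "value": "region-ID"},
        {"name": "IMAGE_TAG", "value": "Latest"}]}}
if __name__ == "__main__":
    print(check_service_role_policy(SAMPLE_POLICY) + check_project(SAMPLE_PROJECT))
```

An empty list from both functions means the policy grants the push actions without wildcards and the project carries the settings this sample expects.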

Upload the edited code to an S3 input bucket or an AWS CodeCommit, GitHub, or
Bitbucket repository.

Important

Do not upload (root directory name), just the files inside of
(root directory name).

If you are using an S3 input bucket, be sure to create a ZIP file that
contains the files, and then upload it to the input bucket. Do not add
(root directory name) to the ZIP file, just the files inside of
(root directory name).

Replace these lines of code from the JSON-formatted input to the
create-project command:

Confirm that AWS CodeBuild successfully pushed the Docker image to the repository.
Sign in to Docker Hub, go to the repository, and choose the Tags tab.
The latest tag should contain a very recent Last Updated value.